admin login validation added

This commit is contained in:
mohanmd 2026-06-20 22:21:47 +05:30
parent d2c3564c26
commit 39fae18ef6
3 changed files with 164 additions and 18 deletions

View File

@ -21,32 +21,54 @@ public function showLogin()
*/
public function login(Request $request)
{
$credentials = $request->validate([
$validator = \Illuminate\Support\Facades\Validator::make($request->all(), [
'email' => ['required', 'email'],
'password' => ['required'],
], [
'email.required' => 'Please enter your email address.',
'email.email' => 'Please enter a valid email address.',
'password.required' => 'Please enter your password.',
]);
if ($validator->fails()) {
return back()->withErrors($validator)->withInput($request->only('email'));
}
$credentials = $validator->validated();
// Database-backed authentication check
$user = \App\Models\User::where('email', $credentials['email'])->first();
if ($user && \Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password) && $user->role === 'admin') {
$request->session()->regenerate();
auth()->login($user);
session(['user' => (object)[
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
'role' => $user->role,
]]);
return redirect()->intended('/admin/dashboard');
if (!$user) {
return back()->withErrors([
'email' => 'This email is not registered.',
])->withInput($request->only('email'));
}
return back()->withErrors([
'email' => 'The provided credentials do not match our records. (Use admin@example.com / password)',
]);
if ($user->role !== 'admin') {
return back()->withErrors([
'email' => 'This email is not registered as an admin.',
])->withInput($request->only('email'));
}
if (!\Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password)) {
return back()->withErrors([
'password' => 'The password you entered is incorrect.',
])->withInput($request->only('email'));
}
$request->session()->regenerate();
auth()->login($user);
session(['user' => (object)[
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
'role' => $user->role,
]]);
return redirect()->intended('/admin/dashboard');
}
/**

View File

@ -54,7 +54,7 @@ export default function Login() {
<hr className="border-slate-100 mb-6" />
{/* Form */}
<form onSubmit={handleSubmit} className="space-y-5">
<form onSubmit={handleSubmit} noValidate className="space-y-5">
<div>
<label htmlFor="email" className="block text-sm font-medium text-gray-700 mb-1.5">
Email Address

View File

@ -0,0 +1,124 @@
<?php
namespace Tests\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class AdminLoginTest extends TestCase
{
use RefreshDatabase;
/**
* Test admin login page can be rendered.
*/
public function test_admin_can_view_login_page()
{
$response = $this->get('/admin/login');
$response->assertStatus(200);
}
/**
* Test admin login validation fails if email is invalid.
*/
public function test_admin_login_fails_if_email_is_invalid()
{
$response = $this->post('/admin/login', [
'email' => 'invalid-email',
'password' => 'password',
]);
$response->assertSessionHasErrors(['email']);
$this->assertEquals(
'Please enter a valid email address.',
session('errors')->get('email')[0]
);
}
/**
* Test admin login validation fails if email is not registered.
*/
public function test_admin_login_fails_if_email_is_not_registered()
{
$response = $this->post('/admin/login', [
'email' => 'unregistered@example.com',
'password' => 'password',
]);
$response->assertSessionHasErrors(['email']);
$this->assertEquals(
'This email is not registered.',
session('errors')->get('email')[0]
);
}
/**
* Test admin login validation fails if email is registered but not as an admin.
*/
public function test_admin_login_fails_if_user_is_not_an_admin()
{
User::create([
'name' => 'Regular User',
'email' => 'user@example.com',
'password' => bcrypt('password'),
'role' => 'employer', // Not admin
]);
$response = $this->post('/admin/login', [
'email' => 'user@example.com',
'password' => 'password',
]);
$response->assertSessionHasErrors(['email']);
$this->assertEquals(
'This email is not registered as an admin.',
session('errors')->get('email')[0]
);
}
/**
* Test admin login validation fails if password is wrong.
*/
public function test_admin_login_fails_if_password_is_incorrect()
{
User::create([
'name' => 'Admin User',
'email' => 'admin_test@example.com',
'password' => bcrypt('correct_password'),
'role' => 'admin',
]);
$response = $this->post('/admin/login', [
'email' => 'admin_test@example.com',
'password' => 'wrong_password',
]);
$response->assertSessionHasErrors(['password']);
$this->assertEquals(
'The password you entered is incorrect.',
session('errors')->get('password')[0]
);
}
/**
* Test admin login succeeds with correct credentials.
*/
public function test_admin_login_succeeds_with_correct_credentials()
{
$admin = User::create([
'name' => 'Admin User',
'email' => 'admin_test@example.com',
'password' => bcrypt('correct_password'),
'role' => 'admin',
]);
$response = $this->post('/admin/login', [
'email' => 'admin_test@example.com',
'password' => 'correct_password',
]);
$response->assertRedirect('/admin/dashboard');
$this->assertAuthenticatedAs($admin);
}
}